$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices
- С сайта: Zero-Day(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Zero-Day(cybersecuritynews.com)
The Russian company Operation Zero is currently offering researchers $20 million in exchange for hacking tools that would enable its customers to take control of Android and iPhone devices.
“By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform,” the company said.
The company declared that it was raising compensation for zero-days in those platforms from $200,000 to $20 million on its Telegram accounts and on its official account on X, formerly Twitter.
Due to high demand on the market, we're increasing payouts for top-tier mobile exploits. In the scope:
— iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions).
— Android RCE/LPE/SBX/full chain — The same.
As always, the end user is a non-NATO country.
— Operation Zero (@opzero_en) September 26, 2023
The 2021-launched Russian-based Operation Zero further stated, “as always, the end user is a non-NATO country.”
The business states on its official website that “our clients are Russian private and government organizations only.”
Reports say that CEO Sergey Zelenyuk of Operation Zero refused to explain why they only sell to non-NATO nations. “No reasons other than the obvious ones,” he replied.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Specifics of the New Regulation
Zelenyuk stated that the bounties the company is now offering may be temporary and reflect a certain time in the market and the difficulties of hacking iOS and Android, reads TechCrunch report.
“The price formation of specific items is heavily dependent on the availability of the product on the zero-day market,” in an email, Zelenyuk stated.
“Full chain exploits for mobile phones are the most expensive products right now and they’re used mostly by government actors. When an actor needs a product, sometimes they’re ready to pay as much as possible to possess it before it gets into the hands of other parties.”
The 2015-founded startup Zerodium is willing to pay up to $2.5 million for a series of flaws that let users break into an Android smartphone without the target’s involvement—without the target clicking on a phishing link. According to its website, Zerodium will pay up to $2 million for the same kind of chain on iOS.
With better security mitigations and protections on newer mobile devices, hackers may require several zero-day vulnerabilities to completely compromise and seize control of a targeted device.
A rival company, Crowdfense, with headquarters in the United Arab Emirates, promises up to $3 million for similar iOS and Android bugs.
Zelenyuk stated that he doesn’t think the bounties offered by Zerodium and Crowdfense will ever fall so low.
“The Zerodium price sheet is outdated, but it doesn’t mean the company still buys for such low prices. They just don’t need to update them, the zero-day business works fine regardless of that,” said Zelenyuk.
The market for zero days is mainly unregulated. However, in other nations, businesses might need to ask their own governments for export licenses.
This process comprises requesting authorization to sell to restricted countries. As a result, the market is now fragmented and increasingly influenced by politics.
“This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them,” Microsoft said in a report from last year.
#Android #Cyber_Security_News #Zero-Day #cyber_security #cyber_security_news
Оригинальная версия на сайте:
$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices
Author: GuruThe Russian company Operation Zero is currently offering researchers $20 million in exchange for hacking tools that would enable its customers to take control of Android and iPhone devices.
“By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform,” the company said.
The company declared that it was raising compensation for zero-days in those platforms from $200,000 to $20 million on its Telegram accounts and on its official account on X, formerly Twitter.
Due to high demand on the market, we're increasing payouts for top-tier mobile exploits. In the scope:
— iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions).
— Android RCE/LPE/SBX/full chain — The same.
As always, the end user is a non-NATO country.
— Operation Zero (@opzero_en) September 26, 2023
The 2021-launched Russian-based Operation Zero further stated, “as always, the end user is a non-NATO country.”
The business states on its official website that “our clients are Russian private and government organizations only.”
Reports say that CEO Sergey Zelenyuk of Operation Zero refused to explain why they only sell to non-NATO nations. “No reasons other than the obvious ones,” he replied.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Specifics of the New Regulation
Zelenyuk stated that the bounties the company is now offering may be temporary and reflect a certain time in the market and the difficulties of hacking iOS and Android, reads TechCrunch report.
“The price formation of specific items is heavily dependent on the availability of the product on the zero-day market,” in an email, Zelenyuk stated.
“Full chain exploits for mobile phones are the most expensive products right now and they’re used mostly by government actors. When an actor needs a product, sometimes they’re ready to pay as much as possible to possess it before it gets into the hands of other parties.”
The 2015-founded startup Zerodium is willing to pay up to $2.5 million for a series of flaws that let users break into an Android smartphone without the target’s involvement—without the target clicking on a phishing link. According to its website, Zerodium will pay up to $2 million for the same kind of chain on iOS.
With better security mitigations and protections on newer mobile devices, hackers may require several zero-day vulnerabilities to completely compromise and seize control of a targeted device.
A rival company, Crowdfense, with headquarters in the United Arab Emirates, promises up to $3 million for similar iOS and Android bugs.
Zelenyuk stated that he doesn’t think the bounties offered by Zerodium and Crowdfense will ever fall so low.
“The Zerodium price sheet is outdated, but it doesn’t mean the company still buys for such low prices. They just don’t need to update them, the zero-day business works fine regardless of that,” said Zelenyuk.
The market for zero days is mainly unregulated. However, in other nations, businesses might need to ask their own governments for export licenses.
This process comprises requesting authorization to sell to restricted countries. As a result, the market is now fragmented and increasingly influenced by politics.
“This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them,” Microsoft said in a report from last year.
#Android #Cyber_Security_News #Zero-Day #cyber_security #cyber_security_news
Оригинальная версия на сайте:
